headscale/app.go

package headscale

import (
	"errors"
	"fmt"
	"net/http"
	"os"
	"strings"
	"sync"
	"time"

	"github.com/rs/zerolog/log"

	"github.com/gin-gonic/gin"
	"golang.org/x/crypto/acme/autocert"
	"gorm.io/gorm"
	"inet.af/netaddr"
	"tailscale.com/tailcfg"
	"tailscale.com/types/wgkey"
)

// Config contains the initial Headscale configuration
type Config struct {
	ServerURL                      string
	Addr                           string
	PrivateKeyPath                 string
	DerpMap                        *tailcfg.DERPMap
	EphemeralNodeInactivityTimeout time.Duration
	IPPrefix                       netaddr.IPPrefix

	DBtype string
	DBpath string
	DBhost string
	DBport int
	DBname string
	DBuser string
	DBpass string

	TLSLetsEncryptListen        string
	TLSLetsEncryptHostname      string
	TLSLetsEncryptCacheDir      string
	TLSLetsEncryptChallengeType string

	TLSCertPath string
	TLSKeyPath  string
}

// Headscale represents the base app of the service
type Headscale struct {
	cfg        Config
	db         *gorm.DB
	dbString   string
	dbType     string
	dbDebug    bool
	publicKey  *wgkey.Key
	privateKey *wgkey.Private

	aclPolicy *ACLPolicy
	aclRules  *[]tailcfg.FilterRule

	clientsPolling sync.Map
}

// NewHeadscale returns the Headscale app
func NewHeadscale(cfg Config) (*Headscale, error) {
	content, err := os.ReadFile(cfg.PrivateKeyPath)
	if err != nil {
		return nil, err
	}
	privKey, err := wgkey.ParsePrivate(string(content))
	if err != nil {
		return nil, err
	}
	pubKey := privKey.Public()

	var dbString string
	switch cfg.DBtype {
	case "postgres":
		dbString = fmt.Sprintf("host=%s port=%d dbname=%s user=%s password=%s sslmode=disable", cfg.DBhost,
			cfg.DBport, cfg.DBname, cfg.DBuser, cfg.DBpass)
	case "sqlite3":
		dbString = cfg.DBpath
	default:
		return nil, errors.New("unsupported DB")
	}

	h := Headscale{
		cfg:        cfg,
		dbType:     cfg.DBtype,
		dbString:   dbString,
		privateKey: privKey,
		publicKey:  &pubKey,
		aclRules:   &tailcfg.FilterAllowAll, // default allowall
	}

	err = h.initDB()
	if err != nil {
		return nil, err
	}

	return &h, nil
}

// Redirect to our TLS url
func (h *Headscale) redirect(w http.ResponseWriter, req *http.Request) {
	target := h.cfg.ServerURL + req.URL.RequestURI()
	http.Redirect(w, req, target, http.StatusFound)
}

// expireEphemeralNodes deletes ephemeral machine records that have not been
// seen for longer than h.cfg.EphemeralNodeInactivityTimeout
func (h *Headscale) expireEphemeralNodes(milliSeconds int64) {
	ticker := time.NewTicker(time.Duration(milliSeconds) * time.Millisecond)
	for range ticker.C {
		h.expireEphemeralNodesWorker()
	}
}

func (h *Headscale) expireEphemeralNodesWorker() {
	namespaces, err := h.ListNamespaces()
	if err != nil {
		log.Error().Err(err).Msg("Error listing namespaces")
		return
	}
	for _, ns := range *namespaces {
		machines, err := h.ListMachinesInNamespace(ns.Name)
		if err != nil {
			log.Error().Err(err).Str("namespace", ns.Name).Msg("Error listing machines in namespace")
			return
		}
		for _, m := range *machines {
			if m.AuthKey != nil && m.LastSeen != nil && m.AuthKey.Ephemeral && time.Now().After(m.LastSeen.Add(h.cfg.EphemeralNodeInactivityTimeout)) {
				log.Info().Str("machine", m.Name).Msg("Ephemeral client removed from database")
				err = h.db.Unscoped().Delete(m).Error
				if err != nil {
					log.Error().Err(err).Str("machine", m.Name).Msg("🤮 Cannot delete ephemeral machine from the database")
				}
				err = h.notifyChangesToPeers(&m)
				if err != nil {
					continue
				}
			}
		}
	}
}

// WatchForKVUpdates checks the KV DB table for requests to perform tailnet upgrades
// This is a way to communitate the CLI with the headscale server
func (h *Headscale) watchForKVUpdates(milliSeconds int64) {
	ticker := time.NewTicker(time.Duration(milliSeconds) * time.Millisecond)
	for range ticker.C {
		h.watchForKVUpdatesWorker()
	}
}

func (h *Headscale) watchForKVUpdatesWorker() {
	h.checkForNamespacesPendingUpdates()
	// more functions will come here in the future
}

// Serve launches a GIN server with the Headscale API
func (h *Headscale) Serve() error {
	r := gin.Default()
	r.GET("/health", func(c *gin.Context) { c.JSON(200, gin.H{"healthy": "ok"}) })
	r.GET("/key", h.KeyHandler)
	r.GET("/register", h.RegisterWebAPI)
	r.POST("/machine/:id/map", h.PollNetMapHandler)
	r.POST("/machine/:id", h.RegistrationHandler)
	var err error

	go h.watchForKVUpdates(5000)
	go h.expireEphemeralNodes(5000)

	if h.cfg.TLSLetsEncryptHostname != "" {
		if !strings.HasPrefix(h.cfg.ServerURL, "https://") {
			log.Warn().Msg("Listening with TLS but ServerURL does not start with https://")
		}

		m := autocert.Manager{
			Prompt:     autocert.AcceptTOS,
			HostPolicy: autocert.HostWhitelist(h.cfg.TLSLetsEncryptHostname),
			Cache:      autocert.DirCache(h.cfg.TLSLetsEncryptCacheDir),
		}
		s := &http.Server{
			Addr:      h.cfg.Addr,
			TLSConfig: m.TLSConfig(),
			Handler:   r,
		}
		if h.cfg.TLSLetsEncryptChallengeType == "TLS-ALPN-01" {
			// Configuration via autocert with TLS-ALPN-01 (https://tools.ietf.org/html/rfc8737)
			// The RFC requires that the validation is done on port 443; in other words, headscale
			// must be reachable on port 443.
			err = s.ListenAndServeTLS("", "")
		} else if h.cfg.TLSLetsEncryptChallengeType == "HTTP-01" {
			// Configuration via autocert with HTTP-01. This requires listening on
			// port 80 for the certificate validation in addition to the headscale
			// service, which can be configured to run on any other port.
			go func() {

				log.Fatal().
					Err(http.ListenAndServe(h.cfg.TLSLetsEncryptListen, m.HTTPHandler(http.HandlerFunc(h.redirect)))).
					Msg("failed to set up a HTTP server")
			}()
			err = s.ListenAndServeTLS("", "")
		} else {
			return errors.New("unknown value for TLSLetsEncryptChallengeType")
		}
	} else if h.cfg.TLSCertPath == "" {
		if !strings.HasPrefix(h.cfg.ServerURL, "http://") {
			log.Warn().Msg("Listening without TLS but ServerURL does not start with http://")
		}
		err = r.Run(h.cfg.Addr)
	} else {
		if !strings.HasPrefix(h.cfg.ServerURL, "https://") {
			log.Warn().Msg("Listening with TLS but ServerURL does not start with https://")
		}
		err = r.RunTLS(h.cfg.Addr, h.cfg.TLSCertPath, h.cfg.TLSKeyPath)
	}
	return err
}
Initial commit 2020-06-21 18:32:08 +08:00			`package headscale`

			`import (`
Add support for automatic TLS certificates via Let's Encrypt. Add a configuration reference to the README.md file. 2021-04-24 10:54:15 +08:00			`"errors"`
Initial commit 2020-06-21 18:32:08 +08:00			`"fmt"`
Add support for automatic TLS certificates via Let's Encrypt. Add a configuration reference to the README.md file. 2021-04-24 10:54:15 +08:00			`"net/http"`
Fixes here and there 2021-02-22 06:54:15 +08:00			`"os"`
Add HTTPS support for the web endpoint with manually configured certificate/key files. 2021-04-24 04:54:35 +08:00			`"strings"`
WIP: Client updates. Long polling rewritten 2021-02-24 04:07:52 +08:00			`"sync"`
Add support for ephemeral nodes via a special type of pre-auth key. Add tests for that feature. Other fixes: clean up a few typos in comments. Fix a bug that caused the tests to run four times each. Be more consistent in the use of log rather than fmt to print errors and notices. 2021-05-23 08:15:29 +08:00			`"time"`
Initial commit 2020-06-21 18:32:08 +08:00
Initial port to zerologger 2021-08-06 01:11:26 +08:00			`"github.com/rs/zerolog/log"`

Initial commit 2020-06-21 18:32:08 +08:00			`"github.com/gin-gonic/gin"`
Add support for automatic TLS certificates via Let's Encrypt. Add a configuration reference to the README.md file. 2021-04-24 10:54:15 +08:00			`"golang.org/x/crypto/acme/autocert"`
Use gorm connection pool 2021-07-05 03:40:46 +08:00			`"gorm.io/gorm"`
Make IP prefix configurable This commit makes the IP prefix used to generate addresses configurable to users. This can be useful if you would like to use a smaller range or if your current setup is overlapping with the current range. The current range is left as a default 2021-08-03 03:06:26 +08:00			`"inet.af/netaddr"`
Load DERP servers from file 2021-02-21 06:57:06 +08:00			`"tailscale.com/tailcfg"`
Update code to Tailscale 1.10 2021-06-26 00:57:08 +08:00			`"tailscale.com/types/wgkey"`
Initial commit 2020-06-21 18:32:08 +08:00			`)`

Improving code... 2021-02-22 05:14:38 +08:00			`// Config contains the initial Headscale configuration`
Initial commit 2020-06-21 18:32:08 +08:00			`type Config struct {`
Add support for ephemeral nodes via a special type of pre-auth key. Add tests for that feature. Other fixes: clean up a few typos in comments. Fix a bug that caused the tests to run four times each. Be more consistent in the use of log rather than fmt to print errors and notices. 2021-05-23 08:15:29 +08:00			`ServerURL string`
			`Addr string`
			`PrivateKeyPath string`
			`DerpMap *tailcfg.DERPMap`
			`EphemeralNodeInactivityTimeout time.Duration`
Make IP prefix configurable This commit makes the IP prefix used to generate addresses configurable to users. This can be useful if you would like to use a smaller range or if your current setup is overlapping with the current range. The current range is left as a default 2021-08-03 03:06:26 +08:00			`IPPrefix netaddr.IPPrefix`
Initial commit 2020-06-21 18:32:08 +08:00
Added support for sqlite as database backend 2021-05-15 20:32:26 +08:00			`DBtype string`
			`DBpath string`
Initial commit 2020-06-21 18:32:08 +08:00			`DBhost string`
			`DBport int`
			`DBname string`
			`DBuser string`
			`DBpass string`
Add HTTPS support for the web endpoint with manually configured certificate/key files. 2021-04-24 04:54:35 +08:00
Add a 'tls_letsencrypt_listen' config option Currently the default (and non-configurable) Let's Encrypt listener will bind to all IPs. This isn't ideal if we want to run headscale on a specific IP only. This also allows for one to set the listener to something other than port 80. This is useful for OSs like OpenBSD which only allow root to bind the lower port ranges (and don't have `setcap`) as we can now run `headscale` as a non-privileged user while still using the baked in ACME magic. Obviously this configuration would also require a reverse proxy or firewall rule to redirect traffic. I attempted to outline that in the README change. 2021-07-24 06:12:01 +08:00			`TLSLetsEncryptListen string`
Add support for automatic TLS certificates via Let's Encrypt. Add a configuration reference to the README.md file. 2021-04-24 10:54:15 +08:00			`TLSLetsEncryptHostname string`
			`TLSLetsEncryptCacheDir string`
			`TLSLetsEncryptChallengeType string`

Add HTTPS support for the web endpoint with manually configured certificate/key files. 2021-04-24 04:54:35 +08:00			`TLSCertPath string`
			`TLSKeyPath string`
Initial commit 2020-06-21 18:32:08 +08:00			`}`

Improving code... 2021-02-22 05:14:38 +08:00			`// Headscale represents the base app of the service`
Initial commit 2020-06-21 18:32:08 +08:00			`type Headscale struct {`
			`cfg Config`
Use gorm connection pool 2021-07-05 03:40:46 +08:00			`db *gorm.DB`
Initial commit 2020-06-21 18:32:08 +08:00			`dbString string`
Fix bug in preauthkeys: namespace object was not populated in the return value from CreatePreAuthKey and GetPreAuthKeys. Add tests for that bug, and the rest of the preauthkeys functionality. Fix path in `compress` Makefile target. 2021-05-03 02:47:36 +08:00			`dbType string`
			`dbDebug bool`
Update code to Tailscale 1.10 2021-06-26 00:57:08 +08:00			`publicKey *wgkey.Key`
			`privateKey *wgkey.Private`
WIP: Client updates. Long polling rewritten 2021-02-24 04:07:52 +08:00
Work in progress in rule generation 2021-07-03 23:31:32 +08:00			`aclPolicy *ACLPolicy`
Load ACL policy on headscale startup 2021-07-04 19:24:05 +08:00			`aclRules *[]tailcfg.FilterRule`
Work in progress in rule generation 2021-07-03 23:31:32 +08:00
Removes locks causing deadlock This commit removes most of the locks in the PollingMap handler as there was combinations that caused deadlocks. Instead of doing a plain map and doing the locking ourselves, we use sync.Map which handles it for us. 2021-08-06 05:14:37 +08:00			`clientsPolling sync.Map`
Initial commit 2020-06-21 18:32:08 +08:00			`}`

Improving code... 2021-02-22 05:14:38 +08:00			`// NewHeadscale returns the Headscale app`
Initial commit 2020-06-21 18:32:08 +08:00			`func NewHeadscale(cfg Config) (*Headscale, error) {`
Fixes here and there 2021-02-22 06:54:15 +08:00			`content, err := os.ReadFile(cfg.PrivateKeyPath)`
Initial commit 2020-06-21 18:32:08 +08:00			`if err != nil {`
			`return nil, err`
			`}`
Update code to Tailscale 1.10 2021-06-26 00:57:08 +08:00			`privKey, err := wgkey.ParsePrivate(string(content))`
Initial commit 2020-06-21 18:32:08 +08:00			`if err != nil {`
			`return nil, err`
			`}`
			`pubKey := privKey.Public()`
Added support for sqlite as database backend 2021-05-15 20:32:26 +08:00
			`var dbString string`
			`switch cfg.DBtype {`
			`case "postgres":`
			`dbString = fmt.Sprintf("host=%s port=%d dbname=%s user=%s password=%s sslmode=disable", cfg.DBhost,`
			`cfg.DBport, cfg.DBname, cfg.DBuser, cfg.DBpass)`
			`case "sqlite3":`
			`dbString = cfg.DBpath`
			`default:`
Minor typo 2021-07-11 21:10:37 +08:00			`return nil, errors.New("unsupported DB")`
Added support for sqlite as database backend 2021-05-15 20:32:26 +08:00			`}`

Initial commit 2020-06-21 18:32:08 +08:00			`h := Headscale{`
Added support for sqlite as database backend 2021-05-15 20:32:26 +08:00			`cfg: cfg,`
			`dbType: cfg.DBtype,`
			`dbString: dbString,`
Initial commit 2020-06-21 18:32:08 +08:00			`privateKey: privKey,`
			`publicKey: &pubKey,`
Load ACL policy on headscale startup 2021-07-04 19:24:05 +08:00			`aclRules: &tailcfg.FilterAllowAll, // default allowall`
Initial commit 2020-06-21 18:32:08 +08:00			`}`
Load ACL policy on headscale startup 2021-07-04 19:24:05 +08:00
Initial commit 2020-06-21 18:32:08 +08:00			`err = h.initDB()`
			`if err != nil {`
			`return nil, err`
			`}`
Use gorm connection pool 2021-07-05 03:40:46 +08:00
Initial commit 2020-06-21 18:32:08 +08:00			`return &h, nil`
			`}`

Add support for automatic TLS certificates via Let's Encrypt. Add a configuration reference to the README.md file. 2021-04-24 10:54:15 +08:00			`// Redirect to our TLS url`
			`func (h Headscale) redirect(w http.ResponseWriter, req http.Request) {`
			`target := h.cfg.ServerURL + req.URL.RequestURI()`
			`http.Redirect(w, req, target, http.StatusFound)`
			`}`

Expire ephemeral is internal 2021-08-13 03:45:40 +08:00			`// expireEphemeralNodes deletes ephemeral machine records that have not been`
Add support for ephemeral nodes via a special type of pre-auth key. Add tests for that feature. Other fixes: clean up a few typos in comments. Fix a bug that caused the tests to run four times each. Be more consistent in the use of log rather than fmt to print errors and notices. 2021-05-23 08:15:29 +08:00			`// seen for longer than h.cfg.EphemeralNodeInactivityTimeout`
Expire ephemeral is internal 2021-08-13 03:45:40 +08:00			`func (h *Headscale) expireEphemeralNodes(milliSeconds int64) {`
Add support for ephemeral nodes via a special type of pre-auth key. Add tests for that feature. Other fixes: clean up a few typos in comments. Fix a bug that caused the tests to run four times each. Be more consistent in the use of log rather than fmt to print errors and notices. 2021-05-23 08:15:29 +08:00			`ticker := time.NewTicker(time.Duration(milliSeconds) * time.Millisecond)`
			`for range ticker.C {`
			`h.expireEphemeralNodesWorker()`
			`}`
			`}`

			`func (h *Headscale) expireEphemeralNodesWorker() {`
			`namespaces, err := h.ListNamespaces()`
			`if err != nil {`
Initial port to zerologger 2021-08-06 01:11:26 +08:00			`log.Error().Err(err).Msg("Error listing namespaces")`
Add support for ephemeral nodes via a special type of pre-auth key. Add tests for that feature. Other fixes: clean up a few typos in comments. Fix a bug that caused the tests to run four times each. Be more consistent in the use of log rather than fmt to print errors and notices. 2021-05-23 08:15:29 +08:00			`return`
			`}`
			`for _, ns := range *namespaces {`
			`machines, err := h.ListMachinesInNamespace(ns.Name)`
			`if err != nil {`
Make log keys lowercase 2021-08-06 03:57:47 +08:00			`log.Error().Err(err).Str("namespace", ns.Name).Msg("Error listing machines in namespace")`
Add support for ephemeral nodes via a special type of pre-auth key. Add tests for that feature. Other fixes: clean up a few typos in comments. Fix a bug that caused the tests to run four times each. Be more consistent in the use of log rather than fmt to print errors and notices. 2021-05-23 08:15:29 +08:00			`return`
			`}`
			`for _, m := range *machines {`
			`if m.AuthKey != nil && m.LastSeen != nil && m.AuthKey.Ephemeral && time.Now().After(m.LastSeen.Add(h.cfg.EphemeralNodeInactivityTimeout)) {`
Make log keys lowercase 2021-08-06 03:57:47 +08:00			`log.Info().Str("machine", m.Name).Msg("Ephemeral client removed from database")`
Use gorm connection pool 2021-07-05 03:40:46 +08:00			`err = h.db.Unscoped().Delete(m).Error`
Add support for ephemeral nodes via a special type of pre-auth key. Add tests for that feature. Other fixes: clean up a few typos in comments. Fix a bug that caused the tests to run four times each. Be more consistent in the use of log rather than fmt to print errors and notices. 2021-05-23 08:15:29 +08:00			`if err != nil {`
Make log keys lowercase 2021-08-06 03:57:47 +08:00			`log.Error().Err(err).Str("machine", m.Name).Msg("🤮 Cannot delete ephemeral machine from the database")`
Add support for ephemeral nodes via a special type of pre-auth key. Add tests for that feature. Other fixes: clean up a few typos in comments. Fix a bug that caused the tests to run four times each. Be more consistent in the use of log rather than fmt to print errors and notices. 2021-05-23 08:15:29 +08:00			`}`
Fixed linting 2021-08-13 03:57:20 +08:00			`err = h.notifyChangesToPeers(&m)`
			`if err != nil {`
			`continue`
			`}`
Add support for ephemeral nodes via a special type of pre-auth key. Add tests for that feature. Other fixes: clean up a few typos in comments. Fix a bug that caused the tests to run four times each. Be more consistent in the use of log rather than fmt to print errors and notices. 2021-05-23 08:15:29 +08:00			`}`
			`}`
			`}`
			`}`

Added communication between Serve and CLI using KV table (helps in #52) 2021-07-25 23:59:48 +08:00			`// WatchForKVUpdates checks the KV DB table for requests to perform tailnet upgrades`
			`// This is a way to communitate the CLI with the headscale server`
			`func (h *Headscale) watchForKVUpdates(milliSeconds int64) {`
			`ticker := time.NewTicker(time.Duration(milliSeconds) * time.Millisecond)`
			`for range ticker.C {`
			`h.watchForKVUpdatesWorker()`
			`}`
			`}`

			`func (h *Headscale) watchForKVUpdatesWorker() {`
			`h.checkForNamespacesPendingUpdates()`
			`// more functions will come here in the future`
			`}`

Improving code... 2021-02-22 05:14:38 +08:00			`// Serve launches a GIN server with the Headscale API`
Initial commit 2020-06-21 18:32:08 +08:00			`func (h *Headscale) Serve() error {`
			`r := gin.Default()`
Add health endpoint Allow us to tell when the server is up and running and can answer requests 2021-08-09 00:36:25 +08:00			`r.GET("/health", func(c *gin.Context) { c.JSON(200, gin.H{"healthy": "ok"}) })`
Initial commit 2020-06-21 18:32:08 +08:00			`r.GET("/key", h.KeyHandler)`
			`r.GET("/register", h.RegisterWebAPI)`
			`r.POST("/machine/:id/map", h.PollNetMapHandler)`
			`r.POST("/machine/:id", h.RegistrationHandler)`
Add HTTPS support for the web endpoint with manually configured certificate/key files. 2021-04-24 04:54:35 +08:00			`var err error`
Added communication between Serve and CLI using KV table (helps in #52) 2021-07-25 23:59:48 +08:00
			`go h.watchForKVUpdates(5000)`
Expire ephemeral is internal 2021-08-13 03:45:40 +08:00			`go h.expireEphemeralNodes(5000)`
Added communication between Serve and CLI using KV table (helps in #52) 2021-07-25 23:59:48 +08:00
Add support for automatic TLS certificates via Let's Encrypt. Add a configuration reference to the README.md file. 2021-04-24 10:54:15 +08:00			`if h.cfg.TLSLetsEncryptHostname != "" {`
			`if !strings.HasPrefix(h.cfg.ServerURL, "https://") {`
Initial port to zerologger 2021-08-06 01:11:26 +08:00			`log.Warn().Msg("Listening with TLS but ServerURL does not start with https://")`
Add support for automatic TLS certificates via Let's Encrypt. Add a configuration reference to the README.md file. 2021-04-24 10:54:15 +08:00			`}`

			`m := autocert.Manager{`
			`Prompt: autocert.AcceptTOS,`
			`HostPolicy: autocert.HostWhitelist(h.cfg.TLSLetsEncryptHostname),`
			`Cache: autocert.DirCache(h.cfg.TLSLetsEncryptCacheDir),`
			`}`
			`s := &http.Server{`
			`Addr: h.cfg.Addr,`
			`TLSConfig: m.TLSConfig(),`
			`Handler: r,`
			`}`
			`if h.cfg.TLSLetsEncryptChallengeType == "TLS-ALPN-01" {`
			`// Configuration via autocert with TLS-ALPN-01 (https://tools.ietf.org/html/rfc8737)`
			`// The RFC requires that the validation is done on port 443; in other words, headscale`
Add some more detail to the README about the different Let's Encrypt validation methods. 2021-07-24 21:01:20 +08:00			`// must be reachable on port 443.`
Add support for automatic TLS certificates via Let's Encrypt. Add a configuration reference to the README.md file. 2021-04-24 10:54:15 +08:00			`err = s.ListenAndServeTLS("", "")`
			`} else if h.cfg.TLSLetsEncryptChallengeType == "HTTP-01" {`
			`// Configuration via autocert with HTTP-01. This requires listening on`
			`// port 80 for the certificate validation in addition to the headscale`
			`// service, which can be configured to run on any other port.`
			`go func() {`
Initial port to zerologger 2021-08-06 01:11:26 +08:00
			`log.Fatal().`
			`Err(http.ListenAndServe(h.cfg.TLSLetsEncryptListen, m.HTTPHandler(http.HandlerFunc(h.redirect)))).`
			`Msg("failed to set up a HTTP server")`
Add support for automatic TLS certificates via Let's Encrypt. Add a configuration reference to the README.md file. 2021-04-24 10:54:15 +08:00			`}()`
Address a bunch of golint warnings. 2021-04-24 23:26:50 +08:00			`err = s.ListenAndServeTLS("", "")`
Add support for automatic TLS certificates via Let's Encrypt. Add a configuration reference to the README.md file. 2021-04-24 10:54:15 +08:00			`} else {`
Send the namespace name as user to the clients 2021-07-11 22:39:19 +08:00			`return errors.New("unknown value for TLSLetsEncryptChallengeType")`
Add support for automatic TLS certificates via Let's Encrypt. Add a configuration reference to the README.md file. 2021-04-24 10:54:15 +08:00			`}`
			`} else if h.cfg.TLSCertPath == "" {`
Add HTTPS support for the web endpoint with manually configured certificate/key files. 2021-04-24 04:54:35 +08:00			`if !strings.HasPrefix(h.cfg.ServerURL, "http://") {`
Initial port to zerologger 2021-08-06 01:11:26 +08:00			`log.Warn().Msg("Listening without TLS but ServerURL does not start with http://")`
Add HTTPS support for the web endpoint with manually configured certificate/key files. 2021-04-24 04:54:35 +08:00			`}`
			`err = r.Run(h.cfg.Addr)`
			`} else {`
			`if !strings.HasPrefix(h.cfg.ServerURL, "https://") {`
Initial port to zerologger 2021-08-06 01:11:26 +08:00			`log.Warn().Msg("Listening with TLS but ServerURL does not start with https://")`
Add HTTPS support for the web endpoint with manually configured certificate/key files. 2021-04-24 04:54:35 +08:00			`}`
			`err = r.RunTLS(h.cfg.Addr, h.cfg.TLSCertPath, h.cfg.TLSKeyPath)`
			`}`
Initial commit 2020-06-21 18:32:08 +08:00			`return err`
			`}`